CN110214434B - Printer identification and security - Google Patents


Info

Publication number: CN110214434B
Authority: CN (China)
Prior art keywords: printing device, memory portion, secure memory, card, key
Legal status: Active
Application number: CN201780084360.6A
Other languages: Chinese (zh)
Other versions: CN110214434A (en)
Inventor: 拉杰什·K·锐京加尼
Current Assignee: Entrust Corp
Original Assignee: Entrust Datacard Corp

Application filed by Entrust Datacard Corp
Priority to CN202211588704.6A (CN116186728A)
Publication of CN110214434A
Application granted
Publication of CN110214434B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
        • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
            • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
                • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                        • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                            • G06F21/575 Secure boot
                    • G06F21/60 Protecting data
                        • G06F21/606 Protecting data by securing the transmission between two devices or processes
                            • G06F21/608 Secure printing
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                                • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
                        • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
                    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
                        • H04L9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

A system and method for establishing a secure identification for a printing device at the time of manufacture is provided. The method comprises the following steps: the first private key is obtained for use with a first operation of the printing device, and the second private key is obtained for use with a second operation of the printing device. The method further comprises the following steps: the first private key is loaded into a secure memory portion of the printing device during manufacture of the printing device, and the second private key is loaded into the secure memory portion of the printing device during manufacture of the printing device.

Description

Printer identification and security
Technical Field
The present disclosure relates to a method and system for establishing a unique security identification for a printing device at the time of manufacture.
Background
As printing devices become more dependent on interconnections with customers, other printing devices, and servers, these printing devices become more vulnerable to attack or reconfiguration by unauthorized third parties. Unauthorized access to the printing device may result in unauthorized access to and/or distribution of private customer data. Further, unauthorized reconfiguration of the printing device can result in damage to the printing device.
Disclosure of Invention
The present application relates to a method and system for establishing a unique security identification for a printing device at the time of manufacture.
For example, the printing device may be used to personalize plastic cards such as financial cards including credit and debit cards, identification cards, driver's licenses, and other personalized plastic cards. In some embodiments, the printing device is a card printer.
Embodiments described herein may generate unique security identifiers for any type of printing device and sub-components of a printing device. Types of printing devices and sub-components of printing devices (hereinafter referred to simply as printing devices) may include, for example, central card issuing systems, desktop card printers, desktop presses, passport systems, desktop laminators, smart card readers, input and/or output card hoppers, and the like.
Each unique security identification may include one or more unique private keys, each associated with a different operation of the printing device (e.g., authenticating a connection to a server or encrypting payload data). Each unique private key may be stored in a secure memory portion of the printing device or protected by a storage root key stored in a secure memory portion of the printing device. Authorization for a particular operation of a printing device may be established using a Public Key Infrastructure (PKI) having a particular private key that is associated with a particular operation to be performed by the printing device and a corresponding public key.
In some embodiments, the secure memory portion may store one or more public keys, each associated with a different operation of the printing device (e.g., authenticating consumables, performing secure boot operations). Each unique public key may be stored in a secure memory portion of the printing device or protected by a storage root key stored in a secure memory portion of the printing device. Authorization for a particular operation of a printing device may be established using a Public Key Infrastructure (PKI) having a particular public key that is associated with a particular operation to be performed by the printing device and a corresponding private key.
The unique security identifier may be generated at the time of manufacture (e.g., at the factory) to provide assurance to the user that the printing device is not configured with unauthorized firmware, hardware, and/or software. That is, embodiments described herein may prevent a printing device from operating when the printing device is configured with unauthorized firmware, hardware, and/or software. Embodiments described herein may also prevent network attacks that allow external devices/software to monitor customer personalization data.
Establishing a unique printer identification at the time of manufacture provides a verifiable identification for each printing device and makes it more difficult to compromise that identification once the machine is deployed. It also creates a factory baseline against which the certified firmware can be compared to detect malware and/or other unwanted code that may be added in the field.
In some embodiments, a unique private key may be generated for each of the following operations: authentication of the printing device by a cloud server/service; authentication of consumables for use by the printing device; authentication of the printing device by a printer client (e.g., a document design, release, and/or management system) using a printer protocol; authenticating signed firmware for modification (e.g., firmware upgrade and/or firmware downgrade); authenticating a print manager; authenticating modular device security; authenticating configuration settings of the printing device; authenticating the source, configuration data, etc. of a print job; secure and/or measured booting of the printing device; Secure Sockets Layer/Transport Layer Security (SSL/TLS) authentication; certifying modular equipment security (multiple hoppers, touch screens, etc.); providing dual authentication; storing the authentication private key; authenticating file system encryption (e.g., entire file system encryption, client data only encryption, etc.); payload encryption; etc.
In some embodiments, two or more unique private keys may be established during manufacture (e.g., "at the factory") of the printing device.
In addition, in some embodiments, one or more unique private keys may also be established/loaded after manufacture, outside of the factory (e.g., by the customer, or by a Remote Monitoring and Management (RMM) server component) (hereinafter "customer identification").
In one embodiment, a method for establishing a unique security identification for a printing device is provided. The method comprises the following steps: a first private key is obtained for use with a first operation of the printing device (e.g., TLS/SSL authentication). The method further comprises the following steps: a second private key is obtained for use with a second operation (e.g., payload encryption) of the printing device. Further, the method comprises: the first private key is loaded into a secure memory portion of the printing device during manufacture of the printing device. Further, the method comprises: the second private key is loaded into a secure memory portion of the printing device during manufacture of the printing device.
In another embodiment, a printing apparatus is provided. The printing apparatus includes a printer function component, a network input/output, a processor, and a secure memory portion. The printer functionality performs physical actions on a custom personalized document such as a financial card or ID. The network input/output transmits and receives data to and from outside the printing apparatus. The processor controls the operation of the printer functional components. The secure memory portion stores a unique security identification of the printing device, the unique security identification including at least one factory key associated with a secure boot operation. In some embodiments, the unique security identifier may include a plurality of factory keys. Each of the plurality of factory keys may be associated with a different operation of the printing device. In some embodiments, when the processor receives data that will require an operation to be performed by the printing device and a public key for authorizing the operation, the processor may determine whether the operation is authorized based on the public key and a factory private key associated with the operation before the processor processes the data and the printing device performs the operation. In some embodiments, when the processor receives data that will require an operation to be performed by the printing device and a private key for authorizing the operation, the processor may determine whether the operation is authorized based on the private key and a factory public key associated with the operation before the processor processes the data and the printing device performs the operation.
In yet another embodiment, a method for performing operations of a printing device is provided. The method comprises the following steps: a processor of the printing device receives data from an external auxiliary device and an authorization request to verify authorization to perform an operation on the printing device. The method further comprises the following steps: a key corresponding to the operation is acquired from among one or more keys stored in a secure memory portion of the printing apparatus. Further, the method comprises: the processor uses the authorization request and the obtained key to determine whether the operation is authorized. Further, the method includes the printing device performing the operation when the operation is authorized, which includes: the printing device performs a physical action on the custom personalized document.
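The per-operation authorization check described in the two embodiments above, worked through in Go as an added example (this is not code from the patent or from Entrust Datacard): the secure memory portion holds one factory verification key per operation, and the printer looks up the key for the operation named in the request and verifies the request against it before any data is processed. The operation names, the use of ECDSA P-256 signatures, the request layout and the sample firmware payload are all assumptions made for the example; the text leaves key type and request format unspecified.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Operation names the printing-device operation an authorization request refers to.
// These two names are constructed for the example; the text lists operations only by
// description (firmware modification, consumable authentication, and so on).
type Operation string

const (
	OpFirmwareUpdate Operation = "firmware-update"
	OpConsumableAuth Operation = "consumable-auth"
)

// SecureMemory models the isolated memory portion: one factory verification key per
// operation, loaded at manufacture and bound to that operation only.
type SecureMemory struct {
	factoryKeys map[Operation]*ecdsa.PublicKey
}

func NewSecureMemory() *SecureMemory {
	return &SecureMemory{factoryKeys: map[Operation]*ecdsa.PublicKey{}}
}

// LoadFactoryKey binds a verification key to exactly one operation; a second load for
// the same operation is refused so a later update cannot silently swap the key.
func (m *SecureMemory) LoadFactoryKey(op Operation, pub *ecdsa.PublicKey) error {
	if _, exists := m.factoryKeys[op]; exists {
		return fmt.Errorf("factory key for %q already loaded", op)
	}
	m.factoryKeys[op] = pub
	return nil
}

// AuthRequest is what an auxiliary device sends alongside the data: the operation it
// wants performed and a signature over (operation, data) made with the private key
// that matches the factory key for that operation.
type AuthRequest struct {
	Op        Operation
	Signature []byte
}

// requestDigest binds the operation name into the signed message, so a signature
// obtained for one operation cannot be reused to authorize another.
func requestDigest(op Operation, data []byte) []byte {
	h := sha256.New()
	h.Write([]byte(op))
	h.Write([]byte{0}) // separator between operation name and data
	h.Write(data)
	return h.Sum(nil)
}

// SignRequest is the auxiliary-device side (for instance a firmware signing server).
func SignRequest(priv *ecdsa.PrivateKey, op Operation, data []byte) (AuthRequest, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, requestDigest(op, data))
	if err != nil {
		return AuthRequest{}, err
	}
	return AuthRequest{Op: op, Signature: sig}, nil
}

// Authorize is the printer-side check: fetch the key that corresponds to the requested
// operation and verify the request against it. An operation with no key is never authorized.
func (m *SecureMemory) Authorize(req AuthRequest, data []byte) (bool, error) {
	pub, ok := m.factoryKeys[req.Op]
	if !ok {
		return false, fmt.Errorf("no factory key for operation %q", req.Op)
	}
	return ecdsa.VerifyASN1(pub, requestDigest(req.Op, data), req.Signature), nil
}

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Demo provisions two factory keys and exercises the accept path plus two reject paths:
// the same signature presented under another operation, and altered data.
func Demo() (validSig, crossOp, tampered bool, err error) {
	fwSigner, consumableSigner := genKey(), genKey()
	mem := NewSecureMemory()
	if err = mem.LoadFactoryKey(OpFirmwareUpdate, &fwSigner.PublicKey); err != nil {
		return
	}
	if err = mem.LoadFactoryKey(OpConsumableAuth, &consumableSigner.PublicKey); err != nil {
		return
	}
	firmware := []byte("constructed firmware image v2.0") // constructed sample payload
	req, err := SignRequest(fwSigner, OpFirmwareUpdate, firmware)
	if err != nil {
		return
	}
	if validSig, err = mem.Authorize(req, firmware); err != nil {
		return
	}
	crossReq := AuthRequest{Op: OpConsumableAuth, Signature: req.Signature}
	if crossOp, err = mem.Authorize(crossReq, firmware); err != nil {
		return
	}
	tampered, err = mem.Authorize(req, []byte("constructed firmware image v2.1"))
	return
}

func main() {
	validSig, crossOp, tampered, err := Demo()
	fmt.Println(validSig, crossOp, tampered, err) // true false false <nil>
}
```

The point to notice is that the key is selected by the operation, not by the requester: a valid firmware-update signature is rejected when presented as a consumable authentication, because it is checked against the consumable key, and a request for an operation that was never provisioned fails closed.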
In yet another embodiment, a printing apparatus is provided. The printing device includes a housing, a card input in the housing, a card travel path, a print engine, and a secure memory portion. A card travel path extends from the card input through the housing. The print engine is disposed along the card travel path. The secure memory portion stores a unique security identification of the printing device and includes at least one factory key associated with an operation performed by the printing device.
In yet another embodiment, a method of generating a unique security identification of a printing device during manufacture of the printing device is provided. The method comprises the following steps: a unique printing device serial number associated with a component of the printing device is read. The method further comprises the following steps: the unique printing device serial number is sent to a certificate authority. Further, the method comprises: a certificate unique to the printing device, containing the unique printing device serial number, is received from the certificate authority. Further, the method comprises: the certificate is loaded onto the printing device. In some embodiments, the unique printing device serial number may be placed in the common name field of the certificate.
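The certificate-issuance method just described, as an added Go example using only the standard library's X.509 support (it is not code from the patent or from Entrust Datacard): the device generates its key pair so that the private key never leaves it, the serial number read from a component is sent to the manufacturer CA, and the CA returns a certificate whose common name is that serial number. A server that later authenticates the printer checks both that the certificate chains to the manufacturer root and that the common name is the serial number it expects. The CA name, the device serial `PRN-000123`, the P-256 keys and the validity periods are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ManufacturerCA is a constructed stand-in for the factory CA; in production its
// signing key would live in an HSM, here it is an in-memory P-256 key.
type ManufacturerCA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func NewManufacturerCA() (*ManufacturerCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Manufacturer CA (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ManufacturerCA{Cert: cert, key: key}, nil
}

// IssueDeviceCertificate receives the device serial number and the device's public
// key, and returns a certificate whose common name is that serial number.
func (ca *ManufacturerCA) IssueDeviceCertificate(deviceSerial string, devicePub *ecdsa.PublicKey) (*x509.Certificate, error) {
	certSerial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 63))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: certSerial,
		Subject:      pkix.Name{CommonName: deviceSerial},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(5, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, devicePub, ca.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ProvisionDevice models the factory step: the key pair is generated on the device,
// the serial number is sent to the CA, and the certificate comes back to be stored
// next to the private key in the secure memory portion.
func ProvisionDevice(ca *ManufacturerCA, deviceSerial string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	cert, err := ca.IssueDeviceCertificate(deviceSerial, &devKey.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	return cert, devKey, nil
}

// VerifyDeviceCertificate is what a server does before trusting a printer: the
// certificate must chain to the manufacturer root, and its common name must be the
// serial number of the device the server expects to be talking to.
func VerifyDeviceCertificate(root, devCert *x509.Certificate, expectedSerial string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := devCert.Verify(opts); err != nil {
		return fmt.Errorf("chain verification failed: %w", err)
	}
	if devCert.Subject.CommonName != expectedSerial {
		return fmt.Errorf("certificate names device %q, expected %q", devCert.Subject.CommonName, expectedSerial)
	}
	return nil
}

func main() {
	ca, err := NewManufacturerCA()
	if err != nil {
		panic(err)
	}
	cert, _, err := ProvisionDevice(ca, "PRN-000123") // constructed serial number
	if err != nil {
		panic(err)
	}
	fmt.Println(cert.Subject.CommonName, VerifyDeviceCertificate(ca.Cert, cert, "PRN-000123"))
}
```

Checking the serial number in the common name, and not only the chain, is what ties the certificate to one physical device: a certificate issued by the same CA to a different printer still chains correctly but fails the serial comparison.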
Drawings
FIG. 1 illustrates a schematic diagram of an exemplary architecture of a printing device, according to one embodiment;
FIG. 2 illustrates a flow diagram of a method for providing identification and security to a printing device, according to one embodiment.
FIG. 3 illustrates a flow diagram of a method for performing the operation of a printing device, according to one embodiment.
FIG. 4 illustrates a flow diagram of a method for generating a unique security identifier for a printing device during manufacture of the printing device, according to one embodiment;
FIG. 5 illustrates one embodiment of a card printer that may be used with embodiments described herein.
Detailed Description
The present application relates to a method and system for establishing a unique security identification for a printing device at the time of manufacture.
In particular, embodiments described herein may generate unique security identifications for any type of printing device or sub-components of a printing device. Each unique security identifier may include one or more unique private keys, each unique private key associated with a different operation of the printing device. Each unique private key may be stored in a secure memory portion of the printing device. A PKI having a particular private key associated with a particular operation and a corresponding public key can be used to establish authorization for the particular operation of a printing device.
As described in embodiments disclosed herein, a printing apparatus includes a secure memory portion storing a unique security identity that is defined at manufacture and can be remotely verified. In some embodiments, the customer may supplement the unique security identifier with its own custom printer identifier that is installed by the customer and stored in the secure memory portion. For example, TLS server authentication may be performed using the custom printer identification. In some embodiments, portions of the custom printer identification may be used together with portions of the unique secure printer identification (e.g., for TLS client authentication). In some embodiments, a portion of the custom printer identification may override a portion of the unique secure printer identification. Further, in some embodiments, the portion of the unique secure printer identification overridden by the portion of the custom printer identification may remain stored in the secure memory portion.
In some embodiments, one or more private keys associated with certificates may be stored in a secure memory portion of the printing device. These may include the private keys corresponding to the unique secure printer identification, the custom printer identification, and/or payload protection certificates. Data stored in a secure memory portion of a printing device (e.g., public keys, private keys, certificates, storage root keys, attestation identification keys, etc.) may include data that is fully loaded/stored in the secure memory portion, and data stored outside the secure memory portion (including portions of the data) that is protected by the storage root key stored in the secure memory portion.
The types of printing devices and subcomponents of printing devices (hereinafter referred to simply as printing devices) may include, for example, central card issuing systems, desktop card printers, desktop presses, passport systems, desktop laminators, smart card readers, input and/or output card hoppers, and the like.
As defined herein, a unique security identification of a printing device refers to one or more private keys stored within a secure memory portion of the printing device. The unique security identification of the printing device may also include one or more certificates, one or more public keys, and/or one or more key pairs (e.g., public and private keys). The unique security identifier is generated at the time of manufacture and can be verified remotely. In some embodiments, customers may be able to supplement unique security identifiers with their own custom printer identifiers.
As defined herein, a private key refers to an encryption key that is intended to be known only to a recipient, which may be used, for example, to decrypt data encrypted with a public key associated with the private key.
As defined herein, a public key refers to an encryption key that can be obtained and used by anyone, for example, to encrypt data intended for a particular recipient that can only be decrypted by using the associated private key.
As defined herein, a certificate refers to a digital document that contains attributes associated with a printing device, which attributes are issued by an attribute authority and are used to characterize and/or authorize the printing device and/or auxiliary devices to operate or work with the printing device. The certificate may bind the identification to a particular key associated with the certificate. For example, the certificate may include: a certificate issuance date before which the key may be invalid, a certificate expiration date after which the key may become invalid, policy information including restrictions on the key associated with the certificate, a serial number of the printing device, serial numbers of one or more unique subcomponents of the printing device (e.g., a serial number of a Trusted Platform Module (TPM), a serial number of a Field Programmable Gate Array (FPGA), etc.), a private key, a public key, etc.
As defined herein, a Certificate Authority (CA) may store, generate, publish, and sign one or more certificates, private keys, and/or public keys. A manufacturer CA refers to a CA that provides one or more certificates, private keys, and/or public keys to a printing device at a factory and/or during manufacture of the printing device. Third party CAs include CAs that a customer may use to provide one or more certificates, private keys, and/or public keys to a printing device after the printing device is manufactured.
As defined herein, a secure memory portion refers to an isolated memory portion associated with a printing device that stores therein a unique security identification of the printing device. The secure memory portion may store, for example, a storage root key, an attestation identification key, one or more certificates, one or more private keys, and/or one or more public keys.
As defined herein, an attestation identification key refers to an identification key that may be used to look up other identification keys stored in the secure memory portion and bind those keys to an endorsement key, in order to complete a chain of trust between, for example, the endorsement key and each of a plurality of keys (including private keys) stored in the secure memory portion and associated with identifications (e.g., the unique security identification, one or more customer identifications, etc.). The attestation identification key can attest that a particular key is present in the secure memory portion, and can attest to measurements submitted to the secure memory portion by allowing the secure memory portion to sign those measurements for later verification (e.g., during measured boot, discussed below).
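The measurement-and-attestation flow behind the definition above, as an added Go example (not code from the patent or from Entrust Datacard) that also serves the "factory baseline" idea from the summary and the cryptographic hash definition below: each boot component is hashed and folded into a running register the way a TPM PCR extend works, the attestation identification key signs the final register value together with a verifier-supplied nonce, and the remote verifier checks the signature and compares the register against the baseline recorded at the factory. The component images, the nonces and the use of ECDSA P-256 for the attestation key are constructed assumptions; the TPM itself is not modeled, only the arithmetic it performs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Digest is a SHA-256 value: the cryptographic hash maps a boot component of any
// size to a fixed 32-byte measurement.
type Digest = [sha256.Size]byte

// Extend folds one measurement into the running register the way a TPM PCR does:
// new = H(old || H(component)). Order matters, and a value once folded in cannot be
// removed, so the final register summarizes the whole boot sequence.
func Extend(pcr Digest, component []byte) Digest {
	m := sha256.Sum256(component)
	return sha256.Sum256(append(pcr[:], m[:]...))
}

// MeasureBootChain returns the register value for an ordered boot sequence,
// starting from the all-zero reset value.
func MeasureBootChain(components [][]byte) Digest {
	var pcr Digest
	for _, c := range components {
		pcr = Extend(pcr, c)
	}
	return pcr
}

// Quote is the attestation the secure memory portion produces: the register value
// signed by the attestation identification key over a verifier-supplied nonce.
type Quote struct {
	PCR Digest
	Sig []byte
}

func quoteDigest(pcr Digest, nonce []byte) []byte {
	h := sha256.New()
	h.Write(pcr[:])
	h.Write(nonce)
	return h.Sum(nil)
}

func MakeQuote(aik *ecdsa.PrivateKey, pcr Digest, nonce []byte) (Quote, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, aik, quoteDigest(pcr, nonce))
	if err != nil {
		return Quote{}, err
	}
	return Quote{PCR: pcr, Sig: sig}, nil
}

// VerifyQuote is the remote verifier's check: the signature must have been made by
// the device's attestation key over this verifier's own nonce (so an old quote
// cannot be replayed), and the register must equal the factory baseline.
func VerifyQuote(aikPub *ecdsa.PublicKey, q Quote, nonce []byte, baseline Digest) error {
	if !ecdsa.VerifyASN1(aikPub, quoteDigest(q.PCR, nonce), q.Sig) {
		return errors.New("quote signature invalid (wrong key or stale nonce)")
	}
	if q.PCR != baseline {
		return errors.New("boot measurements differ from factory baseline")
	}
	return nil
}

// Demo runs a genuine boot, a boot with altered firmware, and a replayed quote,
// returning the verifier's verdict for each (nil means accepted).
func Demo() (genuine, tampered, replayed error) {
	aik, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err, err
	}
	// Constructed stand-ins for the boot components that would be measured.
	bootloader := []byte("constructed bootloader image")
	firmware := []byte("constructed firmware image 1.0")
	baseline := MeasureBootChain([][]byte{bootloader, firmware}) // recorded at the factory

	nonce1 := []byte("constructed-nonce-1")
	q1, _ := MakeQuote(aik, MeasureBootChain([][]byte{bootloader, firmware}), nonce1)
	genuine = VerifyQuote(&aik.PublicKey, q1, nonce1, baseline)

	altered := MeasureBootChain([][]byte{bootloader, []byte("constructed firmware image 1.0-modified")})
	nonce2 := []byte("constructed-nonce-2")
	q2, _ := MakeQuote(aik, altered, nonce2)
	tampered = VerifyQuote(&aik.PublicKey, q2, nonce2, baseline)

	// The genuine quote presented again under a nonce the verifier issued later.
	replayed = VerifyQuote(&aik.PublicKey, q1, []byte("constructed-nonce-3"), baseline)
	return
}

func main() {
	genuine, tampered, replayed := Demo()
	fmt.Println("genuine:", genuine)   // genuine: <nil>
	fmt.Println("tampered:", tampered) // tampered: boot measurements differ from factory baseline
	fmt.Println("replayed:", replayed) // replayed: quote signature invalid (wrong key or stale nonce)
}
```

Two properties carry the security argument: the register is order-sensitive and one-way, so a component swapped in the field changes the final value with no way to "un-extend" it, and the nonce is inside the signed message, so a quote captured from a good boot cannot be replayed after the firmware has been altered.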
As defined herein, a storage root key refers to a key used to protect data and/or other keys stored outside of a secure memory portion.
As defined herein, the term "cryptographic hash" refers to a mathematical algorithm that maps data of an arbitrary size to a bit string of a fixed size, the "cryptographic hash" being designed as a one-way function (i.e., an irreversible function).
As defined herein, a Hardware Security Module (HSM) refers to a physical computing device that safeguards and manages digital keys used for strong authentication and provides cryptographic processing.
As defined herein, a factory key refers to a key (e.g., public, private, etc.) that is stored in a secure memory portion during manufacture of the printing device. The factory key may be obtained and/or generated within or outside the factory.
Fig. 1 illustrates a schematic diagram of an exemplary architecture of a printing device 100 that may be used in embodiments described herein. Printing device 100 generally includes one or more printer functional components 105, a processor 110, optional user input/output (I/O) 115, network I/O 120, non-secure memory portion 125, storage 130, secure memory portion 135, and interconnect 150. The printing device 100 may communicate with one or more auxiliary devices 180 over the network 140. Optionally, the printing device 100 may also communicate with one or more Hardware Security Modules (HSMs) 185.
Printing device 100 generally represents the hardware aspects of the various printing devices and subcomponents that may be used to issue custom personalized documents. Examples of printing device 100 may include distributed issuance printers, central card issuance systems, desktop card printers, desktop presses, passport systems, desktop laminators, smart card readers, input and/or output card hoppers, and the like. It should be understood that the examples of the printing device 100 listed above are exemplary, and other types of printing devices may also be included.
The printer functionality component 105 may perform one or more primary functions of the printing device 100. For example, when the printing device 100 is a desktop card printer, the printer functionality 105 may print a card. In another example, when the printing device 100 is a desktop press, the printer functionality 105 may press a card. In yet another example, the printer functional component 105 may laminate cards when the printing device 100 is a desktop laminator. The printer functionality 105 may include a magnetic stripe station that can read data on a magnetic stripe and/or write data to a magnetic stripe. The printer functionality 105 may also include a chip programming station that may read data on the chip and/or write data to the chip.
Processor 110 controls the operation of printing device 100 including printer functionality 105, network I/O 120, and optional user I/O 115. Processor 110 may retrieve and execute programming data obtained by network I/O 120 and/or optional user I/O 115 and stored in non-secure memory portion 125, secure memory portion 135, and/or storage 130. The processor 110 may also store, identify, and use application data residing in the non-secure memory portion 125.
Interconnect 150 is used to transmit programming instructions and/or application data between processor 110, printer functionality 105, optional user I/O 115, network I/O 120, non-secure memory portion 125, storage device 130, and secure memory portion 135. Interconnect 150 may be, for example, one or more buses or the like. Processor 110 may be a single processor, multiple processors, or a single processor with multiple processing cores.
According to some embodiments, optional user I/O 115 may include display 116 and/or input 117. It should be understood that optional user I/O 115 may be one or more devices communicatively connected to printing device 100 that are physically separate from printing device 100. For example, display 116 and input 117 may be communicatively coupled to, but physically separated from, printing device 100. In some embodiments, display 116 and input 117 may be physically included with printing device 100.
Display 116 may include any of a variety of display devices suitable for displaying information to a user. Examples of devices suitable for display 116 include, but are not limited to, Cathode Ray Tube (CRT) monitors, Liquid Crystal Display (LCD) monitors, Light Emitting Diode (LED) monitors, and the like.
Input 117 may include any of a variety of input devices or apparatuses suitable for receiving input from a user. Examples of devices suitable for input 117 include, but are not limited to, a keyboard, a mouse, a trackball, buttons, voice commands, proximity sensors, eye sensing devices for determining input based on eye movement (e.g., scrolling based on eye movement), and the like. It should be understood that a combination of the aforementioned inputs 117 may be included as inputs 117. In some embodiments, the input 117 may be integrated with the display 116 such that both input and output are performed by the display 116.
Network I/O 120 is configured to send and receive data to one or more auxiliary devices 180 and optionally one or more Hardware Security Modules (HSMs) 185 via network 140. Alternatively, the network 140 may be referred to as a communication network 140. Examples of network 140 may include, but are not limited to, a Local Area Network (LAN), a Wide Area Network (WAN), the internet, wired communication links, and the like. In some embodiments, network I/O 120 may send and receive data over a wireless connection via network 140 using Wi-Fi, Bluetooth, ZigBee, or other similar wireless communication protocols. In some embodiments, the printing device 100 may transmit data over a cellular, 3G, 4G, or other wireless protocol via the network 140. In some embodiments, network I/O 120 may send and receive data via wire lines, fiber optic cables, Universal Serial Bus (USB) cables, and the like. It should be understood that the network I/O 120 may communicate over the network 140 through a suitable combination of the foregoing wired and wireless communication methods.
Generally, non-secure memory portion 125 is included to represent random access memory, such as, but not limited to, Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), or flash memory. In some embodiments, the non-secure memory portion 125 may be a volatile memory. In some embodiments, the non-secure memory portion 125 may be non-volatile memory. In some embodiments, at least a portion of the memory may be virtual memory.
Generally, storage device 130 is included to represent non-volatile storage such as, but not limited to, a hard disk drive, a solid state device, a removable memory card, an optical storage device, a flash memory device, a network attached storage device (NAS), or a connection to a Storage Area Network (SAN) device or other similar device that may store non-volatile data. In some embodiments, storage device 130 is a computer-readable medium. In some embodiments, storage device 130 may comprise a storage device external to printing device 100, for example in the cloud.
Generally, secure memory portion 135 is included to represent a memory storage device that is different and/or separate from non-secure memory portion 125 and storage device 130. In some embodiments, the secure memory portion 135 includes a processor. The secure memory portion 135 may include, for example, a secure cryptoprocessor such as a TPM, a Java Card, a memory device, and the like. A suitable TPM is sold by Infineon Technologies AG (Munich, Germany). In some embodiments, the secure memory portion 135 includes the capability to securely generate encryption keys. In some embodiments, a private key used in the secure memory portion 135 is not accessible on the bus or to an external program, and all encryption/decryption using that key is done within the secure memory portion 135. In some embodiments, the secure memory portion 135 may be part of the same memory device as the non-secure memory portion 125 and/or the storage device 130, but isolated from the non-secure memory portion 125 and/or the storage device 130.
The secure memory portion 135 is configured to store a unique security identification of the printing device 100 generated at the factory and/or during manufacture of the printing device 100. In particular, the secure memory portion 135 may store a plurality of private keys that together form the unique security identification of the printing device 100. Each private key may be associated with a different operation of printing device 100. In some embodiments, the printing device 100 may be issued one or more certificates by a certificate authority (CA) (e.g., a manufacturer CA), with each corresponding private key stored in the secure memory portion 135.
In some embodiments, at the time of manufacture of the printing device 100, the CA may generate four key pairs (e.g., a storage root key pair, a certification key pair, a printer identification key pair, and a payload protection key pair) and three certificates (e.g., a certification certificate, a printer identification certificate, and a payload protection certificate). The printer identification certificate and/or the payload protection certificate may contain a serial number that is unique to the printer component.
Secure memory portion 135 may also store one or more custom printer identifications provided by the customer after manufacturing printing device 100. Each custom printer identification may include: one or more custom private keys that can complement and/or overlay the one or more private keys of the unique security identification.
In some embodiments, storing the plurality of private keys in the secure memory portion means that each private key is protected, such as by encryption, using a storage root key held in the secure memory portion 135, and the protected form is then stored outside of the secure memory portion 135. A protected private key is decrypted by passing it back into the secure memory portion 135, which holds the storage root key. Accordingly, the secure memory portion 135 need not store each private key in full, and the memory space required within the secure memory portion 135 can be reduced.
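As an added illustration of the wrapping scheme just described (example code written for this page, not taken from the patent or from Entrust Datacard), the following Go program keeps an AES-256 storage root key inside a stand-in for secure memory portion 135, wraps an Ed25519 operation key so that the wrapped blob can live in ordinary memory or on disk, and performs a signing operation only when the blob is passed back in. The type and function names (SecureMemory, Wrap, Sign), the operation labels, and the choice of AES-GCM and Ed25519 are assumptions made for the example; the patent does not specify algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SecureMemory stands in for secure memory portion 135. It holds the storage
// root key, which never leaves it; operation private keys exist in plaintext
// only transiently, inside its methods. Names here are illustrative.
type SecureMemory struct {
	storageRootKey []byte // 32-byte AES-256 key
}

// NewSecureMemory generates a fresh storage root key inside the secure memory.
func NewSecureMemory() (*SecureMemory, error) {
	srk := make([]byte, 32)
	if _, err := rand.Read(srk); err != nil {
		return nil, err
	}
	return &SecureMemory{storageRootKey: srk}, nil
}

func (m *SecureMemory) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(m.storageRootKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap encrypts an operation private key under the storage root key and
// returns an opaque blob that may live in non-secure memory or on disk.
// The label (the operation the key belongs to) is bound as associated data,
// so a blob wrapped for one operation cannot be unwrapped as another.
func (m *SecureMemory) Wrap(label string, priv ed25519.PrivateKey) ([]byte, error) {
	gcm, err := m.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Output layout: nonce || ciphertext || GCM tag.
	return gcm.Seal(nonce, nonce, priv, []byte(label)), nil
}

// unwrap decrypts a blob back into the secure memory. It is unexported on
// purpose: the plaintext key is only ever used inside Sign, never returned.
func (m *SecureMemory) unwrap(label string, blob []byte) (ed25519.PrivateKey, error) {
	gcm, err := m.aead()
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("wrapped key blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	priv, err := gcm.Open(nil, nonce, ct, []byte(label))
	if err != nil {
		return nil, errors.New("wrapped key blob rejected by storage root key")
	}
	if len(priv) != ed25519.PrivateKeySize {
		return nil, errors.New("wrapped key has unexpected size")
	}
	return ed25519.PrivateKey(priv), nil
}

// Sign performs an operation with a wrapped key that the caller passes back
// in; the caller receives only the signature, never the private key.
func (m *SecureMemory) Sign(label string, blob, msg []byte) ([]byte, error) {
	priv, err := m.unwrap(label, blob)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, msg), nil
}

func main() {
	mem, _ := NewSecureMemory()
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	blob, _ := mem.Wrap("payload-protection", priv) // kept outside secure memory
	sig, err := mem.Sign("payload-protection", blob, []byte("job data"))
	fmt.Println(err == nil && ed25519.Verify(pub, []byte("job data"), sig)) // true
	_, err = mem.Sign("printer-identification", blob, []byte("job data"))
	fmt.Println(err) // rejected: blob was wrapped for a different operation
}
```

Binding the operation name as associated data is the detail worth copying: it stops a blob provisioned for one operation (say, payload protection) from being presented to the secure memory as the key for another (say, firmware authentication), which matters once many per-operation keys share one storage root key.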
A particular private key associated with a particular operation may be used to establish authorization for the particular operation of printing device 100.
To illustrate, in one example, the secure memory portion 135 can include a public key for verifying consumables (e.g., printer ribbon, printer ink, etc.) to be used by the printer functionality component 105. When a consumable is added to the printing apparatus 100, the processor 110 may check whether the consumable carries an authorization request (e.g., a private key certificate, a public key certificate, etc.). If the consumable carries an authorization request, the processor 110 may select the particular public key associated with adding a consumable to the printing device 100 and use that public key together with the authorization request to confirm that the consumable is authorized for use with the printing device 100. If the consumable does not include an authorization request, or if the authorization request cannot be verified with the public key, the processor 110 may prevent the printer functional component 105 from operating until the consumable is replaced and/or provide a notification/alert to the user.
In some embodiments, a unique private key may be generated for authenticating the printing device 100 by the cloud server/service via the network I/O120, for example during initial registration or enrollment of the printing device 100 into the cloud server/service.
In some embodiments, a unique private key may be generated for use in authenticating a consumable (e.g., printer ribbon, printer ink, etc.) for use by, for example, the printer functional component 105 of the printing device 100.
In some embodiments, a unique private key may be generated for authentication of the printing device 100 by a printer client (e.g., a document design and/or release and/or management system, etc.) using a printer protocol.
In some embodiments, a unique private key may be generated to authenticate the printing device by the print manager.
In some embodiments, a unique private key may be generated to authenticate a firmware upgrade and/or downgrade. This may include authentication of the major and minor versions and patches.
In some embodiments, a unique private key may be generated to authenticate modular device security. This may include authentication of, for example, multiple magazines, touch screens, etc.
In some embodiments, a unique private key may be generated to authenticate the configuration settings of the printing device 100. This may include authentication of, for example, printer speed settings, printer color parameter settings, and the like.
In some embodiments, a unique private key may be generated to authenticate the print job source, configuration data, and the like. This may include authentication of each client that sends a print job to the printing device 100, for example.
In some embodiments, a unique private key may be generated to facilitate secure booting of printing device 100. This may include, for example, authentication each time the printing apparatus 100 is turned on. Accordingly, the printing apparatus 100 can be prevented from operating when, for example, it is configured with unauthorized software. Thus, the customer can be sure that the printing apparatus 100 is running safe and reliable software (e.g., software provided by the manufacturer).
For example, in secure boot, each step of the boot process verifies the authenticity of the next step before proceeding to it.
In some embodiments, a cryptographic hash of a public key is programmed into the processor 110, and an internal boot loader (e.g., Boot Read Only Memory (ROM)) of the processor 110 may refuse to transfer control to an external boot loader unless the external boot loader is signed with the private key corresponding to the public key whose cryptographic hash is programmed into the processor 110.
In some embodiments, the cryptographic hash of the public key (e.g., a secure boot public key) may be burned into a portion of the processor 110. That is, the cryptographic hash of the public key may be programmed into a fuse block of the processor 110 such that it can be read but cannot be reprogrammed. Because the cryptographic hash of the public key takes less memory space than the public key itself, the amount of memory space required in the processor 110 may be reduced. For example, in one embodiment, the secure boot public key may have a size greater than 2000 bits, while the cryptographic hash of the secure boot key may have a size of about 160 bits to about 256 bits. In some embodiments, the portion of the processor 110 may be a P1010 secure fuse processor available from Freescale Semiconductor, Inc., acquired by NXP (Eindhoven, the Netherlands).
In some embodiments, the private key (e.g., secure boot private key) may be stored offline outside of the printing device 100 (e.g., at a CA).
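The following Go program is an added example (written for this page, not code from the patent or its assignee) of the secure boot decision described in the preceding paragraphs: the processor's fuse block holds only a 32-byte SHA-256 hash of the secure boot public key, the image carries the full public key and a signature, and the boot ROM refuses to transfer control unless the carried key hashes to the fused value and the signature over the image verifies. The signing step stands in for the offline CA that holds the private key. Type names, the use of Ed25519, and the stage contents are assumptions for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// BootImage is a boot stage (external boot loader, OS image) together with the
// public key it claims to be signed under and the signature. Constructed layout.
type BootImage struct {
	Code      []byte
	PublicKey ed25519.PublicKey
	Signature []byte
}

// FuseBlock models the one-time-programmable fuse block of processor 110. It
// stores only the SHA-256 hash of the secure boot public key (32 bytes), which
// is why the full key has to travel with the image.
type FuseBlock struct {
	PubKeyHash [sha256.Size]byte
}

// BurnFuses programs the key hash once, at manufacture; it cannot change later.
func BurnFuses(secureBootPub ed25519.PublicKey) FuseBlock {
	return FuseBlock{PubKeyHash: sha256.Sum256(secureBootPub)}
}

// SignImage runs offline at the CA, where the secure boot private key is kept;
// the printer never holds that private key.
func SignImage(priv ed25519.PrivateKey, pub ed25519.PublicKey, code []byte) BootImage {
	return BootImage{Code: code, PublicKey: pub, Signature: ed25519.Sign(priv, code)}
}

// BootROMVerify is the internal boot loader's decision: control is transferred
// only if the key carried by the image hashes to the fused value and the
// signature over the image verifies under that key.
func BootROMVerify(fuses FuseBlock, img BootImage) error {
	if len(img.PublicKey) != ed25519.PublicKeySize {
		return errors.New("image carries no usable public key")
	}
	h := sha256.Sum256(img.PublicKey)
	if !bytes.Equal(h[:], fuses.PubKeyHash[:]) {
		return errors.New("public key does not match fused hash; refusing to transfer control")
	}
	if !ed25519.Verify(img.PublicKey, img.Code, img.Signature) {
		return errors.New("image signature invalid; refusing to transfer control")
	}
	return nil
}

// BootChain verifies stages in order and halts at the first failure, which is
// the defining property of secure (as opposed to measured) boot. For brevity
// every stage is checked against the same fused root here.
func BootChain(fuses FuseBlock, stages []BootImage) (int, error) {
	for i, s := range stages {
		if err := BootROMVerify(fuses, s); err != nil {
			return i, err // i stages ran; stage i was refused
		}
	}
	return len(stages), nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	fuses := BurnFuses(pub)
	stages := []BootImage{
		SignImage(priv, pub, []byte("external boot loader v1")),
		SignImage(priv, pub, []byte("printer OS image v1")),
	}
	fmt.Println(BootChain(fuses, stages)) // 2 <nil>

	// A replacement image signed by some other key fails at the fuse check,
	// even though its own key and signature are internally consistent.
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	stages[1] = SignImage(otherPriv, otherPub, []byte("unauthorized OS image"))
	fmt.Println(BootChain(fuses, stages)) // 1 public key does not match fused hash; ...
}
```

The fuse comparison is what makes shipping the public key inside the image safe: an image that brings its own self-consistent key and signature still fails, because the hash of that key is not the one burned at manufacture.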
In some embodiments, a unique private key may be generated to authenticate the measured boot of the printing device 100. In measured boot, unlike secure boot, authentication does not have to be verified at every step of the boot process before the boot process is allowed to proceed to the next step. Rather, in measured boot, each step of the boot process is measured and the measurement is stored in the secure memory portion 135 (as a cryptographic hash in some embodiments) for later attestation. The measured boot may continue through each step of the boot process even if proper authentication has not been verified in one or more previous steps of the boot process.
In one embodiment of the measured boot, at each step of the boot process, the external boot loader may initialize the secure memory portion 135, measure the current state of the external boot loader's boot process (e.g., firmware image) and the current state of the print device's 100 operating system's boot process (e.g., firmware image), and send the results to the secure memory portion 135 for security attestation. The attestation identification key can be used by the secure memory portion 135 to attest to the results sent to the secure memory portion 135 for later verification.
In some embodiments, the external boot loader may be configured to store one or more of: a public key for verifying the firmware signing key, a list of additional trusted firmware signing key pairs, and a blacklist of insecure firmware images.
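As an added example of the measured boot described above (written for this page, not the patent's own code), the Go program below models an extend-only measurement register in the secure memory portion, lets the boot continue regardless of what each stage contains, and then produces a quote signed by an attestation identity key that a remote verifier checks against the value a known-good sequence of images would have produced. The register construction (new = SHA-256(old || SHA-256(image))), the nonce binding, the use of Ed25519 for the attestation key, and all names are assumptions for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// MeasurementRegister models a register in the secure memory portion 135 that
// can only be extended, never set directly, so earlier measurements cannot be
// erased by later code. Constructed for this example.
type MeasurementRegister struct {
	Value [sha256.Size]byte
	Log   [][sha256.Size]byte // per-stage measurements, kept for diagnosis
}

// Extend folds a stage's image into the register: new = SHA-256(old || SHA-256(image)).
func (r *MeasurementRegister) Extend(image []byte) {
	m := sha256.Sum256(image)
	buf := make([]byte, 0, 2*sha256.Size)
	buf = append(buf, r.Value[:]...)
	buf = append(buf, m[:]...)
	r.Value = sha256.Sum256(buf)
	r.Log = append(r.Log, m)
}

// Quote is the attestation: the register value, bound to a verifier-chosen
// nonce, signed by the attestation identity key kept in secure memory.
type Quote struct {
	Nonce     []byte
	Register  [sha256.Size]byte
	Signature []byte
}

func quoteMessage(nonce []byte, reg [sha256.Size]byte) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(nonce)))
	msg := append(n[:], nonce...)
	return append(msg, reg[:]...)
}

// Quote signs the current register for a later verifier.
func (r *MeasurementRegister) Quote(aik ed25519.PrivateKey, nonce []byte) Quote {
	return Quote{Nonce: nonce, Register: r.Value,
		Signature: ed25519.Sign(aik, quoteMessage(nonce, r.Value))}
}

// ExpectedRegister recomputes the value a known-good boot sequence produces.
func ExpectedRegister(goldenImages [][]byte) [sha256.Size]byte {
	var r MeasurementRegister
	for _, img := range goldenImages {
		r.Extend(img)
	}
	return r.Value
}

// VerifyQuote checks the signature and nonce, then compares the register with
// the expected value. Note the division of labour: measured boot lets the
// device finish booting; it is the verifier that finds out something was off.
func VerifyQuote(aikPub ed25519.PublicKey, nonce []byte, q Quote, expected [sha256.Size]byte) (bool, error) {
	if !bytes.Equal(nonce, q.Nonce) {
		return false, errors.New("quote does not carry the verifier's nonce")
	}
	if !ed25519.Verify(aikPub, quoteMessage(q.Nonce, q.Register), q.Signature) {
		return false, errors.New("attestation signature invalid")
	}
	return q.Register == expected, nil
}

func main() {
	aikPub, aik, _ := ed25519.GenerateKey(rand.Reader)
	golden := [][]byte{[]byte("external boot loader v1"), []byte("printer OS image v1")}
	expected := ExpectedRegister(golden)

	var reg MeasurementRegister
	reg.Extend(golden[0])
	reg.Extend([]byte("printer OS image v1 (modified)")) // boot continues regardless
	nonce := []byte("constructed-nonce-42")
	ok, err := VerifyQuote(aikPub, nonce, reg.Quote(aik, nonce), expected)
	fmt.Println(ok, err) // false <nil>: the quote is genuine, but the state does not match
}
```

The nonce is the part most often left out of toy versions: without it a recorded quote from a good boot could be replayed after a bad one, and the verifier would have no way to tell.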
In some embodiments, a unique private key may be generated for SSL/TLS authentication between the printing device 100 and one or more auxiliary devices 180 (e.g., servers). Further, in some embodiments, the unique private key for SSL/TLS authentication generated during manufacture of the printing device may be replaced with a customer-initiated unique private key for SSL/TLS authentication. In other embodiments, the unique private key for SSL/TLS authentication generated during manufacture of the printing device may be used with a customer-initiated unique private key for SSL/TLS authentication. In these embodiments, the TLS server may indicate which private key it wants by specifying the supported root of trust as part of the TLS handshake between the TLS server and the printing device 100.
In some embodiments, when a client (e.g., a print driver, a management tool, etc.) is connected to the printing device 100, the connection may be performed through/using TLS, and the printing device 100 may use a printer identification certificate to determine whether the client is authorized to connect to the printing device 100.
In some embodiments, the manufacturer printer identification certificate issued by the manufacturer CA during manufacture of the printing device 100 may be used for TLS server authentication, TLS client authentication, and other purposes of the printing device 100. In these embodiments, the manufacturer printer identification certificate includes the TLS private key, which may be stored in the secure memory portion 135, while the TLS authentication public key may be authenticated by the CA. The customer may additionally configure a separate custom printer identification certificate, which may be self-signed by the printing device 100 or generated by a third party CA, for example. The printing device 100 may be configured to use a custom printer identification certificate instead of the manufacturer printer identification certificate. In some embodiments, the manufacturer printer identification certificate may continue to be retained in the secure memory portion 135 even if a custom printer identification certificate is used instead of the manufacturer printer identification certificate.
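The two preceding paragraphs describe a printer that holds both a manufacturer-issued identity and an optional customer-configured one, and lets the TLS server indicate which root of trust it wants during the handshake. In TLS that indication is the list of acceptable certificate authorities the server sends with its certificate request, which Go exposes as CertificateRequestInfo.AcceptableCAs. The Go code below is an added example (not code from the patent or its assignee) of the client-side selection: it prefers the customer identity when the server accepts it, falls back to the retained manufacturer identity, and fails cleanly when the server trusts neither. CA names, type names and the preference order are assumptions for the example; the certificates themselves are left empty because only the issuer comparison is being demonstrated.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
)

// PrinterIdentity pairs a TLS certificate with the DER-encoded subject name of
// the CA that issued it. A TLS server that asks for a client certificate lists
// the CAs it trusts in the same DER form (CertificateRequestInfo.AcceptableCAs).
// Names and structure are constructed for this example.
type PrinterIdentity struct {
	Name      string
	IssuerDER []byte
	Cert      *tls.Certificate
}

// nameDER encodes a CA distinguished name the way it appears in AcceptableCAs.
func nameDER(commonName string) []byte {
	der, err := asn1.Marshal(pkix.Name{CommonName: commonName}.ToRDNSequence())
	if err != nil {
		panic(err)
	}
	return der
}

// IdentitySelector holds the manufacturer identity, which is always retained,
// and the optional customer identity configured after the printer left the factory.
type IdentitySelector struct {
	Manufacturer PrinterIdentity
	Customer     *PrinterIdentity
}

// Choose picks the identity whose root the server said it trusts. The customer
// identity is preferred when the server accepts both; when the server lists no
// CAs at all, the customer identity (if configured) is the default.
func (s *IdentitySelector) Choose(acceptableCAs [][]byte) (*PrinterIdentity, error) {
	var candidates []*PrinterIdentity
	if s.Customer != nil {
		candidates = append(candidates, s.Customer)
	}
	candidates = append(candidates, &s.Manufacturer)
	if len(acceptableCAs) == 0 {
		return candidates[0], nil
	}
	for _, c := range candidates {
		for _, ca := range acceptableCAs {
			if bytes.Equal(c.IssuerDER, ca) {
				return c, nil
			}
		}
	}
	return nil, errors.New("server trusts neither the customer root nor the manufacturer root")
}

// GetClientCertificate has the signature tls.Config expects, so the selector
// plugs straight into a client-side tls.Config.
func (s *IdentitySelector) GetClientCertificate(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
	id, err := s.Choose(info.AcceptableCAs)
	if err != nil {
		return nil, err
	}
	return id.Cert, nil
}

func main() {
	sel := &IdentitySelector{
		Manufacturer: PrinterIdentity{Name: "manufacturer", IssuerDER: nameDER("Example Manufacturer CA"), Cert: &tls.Certificate{}},
		Customer:     &PrinterIdentity{Name: "customer", IssuerDER: nameDER("Example Customer Root CA"), Cert: &tls.Certificate{}},
	}
	cfg := &tls.Config{GetClientCertificate: sel.GetClientCertificate} // how it is wired into a real client
	_ = cfg

	for _, cas := range [][][]byte{
		{nameDER("Example Customer Root CA")},
		{nameDER("Example Manufacturer CA")}, // e.g. a manufacturer maintenance server
		{nameDER("Unrelated CA")},
	} {
		id, err := sel.Choose(cas)
		if err != nil {
			fmt.Println("no identity:", err)
			continue
		}
		fmt.Println("presenting", id.Name)
	}
}
```

Keeping the manufacturer identity as a fallback rather than deleting it on customer enrolment is what lets maintenance operations rooted in the manufacturer CA keep working after the customer has installed its own root.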
In some embodiments, a unique private key may be generated to provide dual authentication communications via network I/O120. This may include authentication, for example, to allow a user to log into the printing device 100 and/or access the printing device 100.
In some embodiments, a unique private key may be generated to authenticate the key and certificate store. This may include authentication of, for example, field rewriting of one or more private keys (e.g., authentication of a client-initiated private key).
In some embodiments, a unique private key may be generated to authenticate the file system encryption (e.g., entire file system encryption, client data only encryption, etc.). This may include authentication to provide file system encryption for, for example, log files, job histories, and so forth.
In some embodiments, a unique private key may be generated to facilitate payload encryption. Payload encryption may allow data to be encrypted before being sent over, for example, a TLS connection. In some embodiments, separate certificates with separately configured trust roots may be used for data sent to the printing device 100, and data sent by the printing device 100.
In some embodiments, the printing device 100 may be issued a payload protection certificate that may be used, for example, by one or more backend systems to encrypt data to be sent to the printing device 100. In some embodiments, the payload protection certificate may also be used by the printing device 100 to sign data originating from the printing device 100. The payload protection private key may be stored in the secure memory portion 135, and the payload protection public key may be authenticated by the manufacturer CA during manufacturing of the printing device 100. The customer may additionally configure a separate custom payload protection certificate, which may be self-signed by the printing device 100 or generated by a third party CA, for example. The printing device 100 may be configured to use a custom payload protection certificate instead of the manufacturer payload protection certificate. In some embodiments, the manufacturer payload protection certificate may continue to be stored in the secure memory portion 135 even if a custom payload protection certificate is used instead of the manufacturer payload protection certificate.
In some embodiments, two or more unique private keys (also referred to as the "at factory identity") may be established while the printing device 100 is still being manufactured.
Further, in some embodiments, one or more unique private keys may also be established after the printing device is manufactured and/or outside the factory (e.g., by the customer, by a legacy printing device (e.g., a printing device without a secure memory portion), or by the RMM server component); such keys are also referred to as a "customer identification". A private key that is established outside the factory is referred to herein as a customer-initiated private key. In some embodiments, the two or more unique private keys identified at the factory can be part of one root of trust, while the one or more customer-initiated private keys can be part of one or more different roots of trust. Thus, the customer can supplement the factory identification with its own customer identification installed in the printing device 100. For example, encryption and/or decryption operations of printing device 100 may use a customer-initiated private key to protect customer-specific data (e.g., name information, credit card number information, date of birth information, etc.) that is encrypted or decrypted. In some cases, the customer-initiated private key may not replace and/or override the factory private key, in order to protect certain operations (e.g., maintenance operations) performed by printing device 100. For example, the customer-initiated private key may not be used for firmware upgrade and/or downgrade operations, for maintenance tasks of printing device 100, for creating and/or replacing the factory identification, and so forth.
In some embodiments, the printing device 100 may communicate with one or more optional HSMs 185. Each optional HSM 185 may include, for example, a secure cryptoprocessor such as a TPM, a Java Card, a memory device, and the like. Each HSM 185 may be configured to store one or more certificates, one or more public keys, one or more private keys, a certification identification key, and/or a storage root key associated with the printing device 100. In some embodiments, one or more of the HSMs 185 can operate in conjunction with the secure memory portion 135 and/or in place of the secure memory portion 135.
FIG. 2 illustrates a flow diagram of one embodiment of a method 200 for providing identification and security to the printing device 100 shown in FIG. 1. At 205, while at the factory, the processor 110 of the printing device 100 obtains a private key for use with a first operation of the printing device 100. The first operation may be any of the operations discussed above with respect to FIG. 1. For example, in one embodiment, the first operation may be TLS/SSL authentication. In some embodiments, the private key may be issued to the printing device 100 by a certificate authority. At 210, during manufacture of the printing device 100, the processor 110 loads the private key into the secure memory portion 135.
At 215, during manufacture of the printing device 100, the processor 110 of the printing device 100 obtains an additional private key for use with an additional operation of the printing device 100. Similar to the first operation, the additional operation may be any of the operations discussed above with respect to FIG. 1. For example, in one embodiment, the additional operation may be payload encryption. In some embodiments, the additional private key may also be issued to the printing device 100 by the certificate authority. At 220, during manufacture of the printing device 100, the processor 110 loads the additional private key into the secure memory portion 135.
At 225, the processor 110 determines whether any other private keys are to be issued during manufacture of the printing device 100 to establish a unique security identification of the printing device 100. If another private key is to be issued during manufacture, method 200 returns to 215. If no other private key is issued during manufacture, method 200 proceeds to 230.
At 230, after manufacturing the printing device 100 and/or after the printing device 100 has left the factory, the processor 110 waits for the customer to supplement the unique security identification of the printing device 100. At 235, the processor 110 obtains a customer-initiated private key for use with an operation of the printing device 100. The operation may be any of the operations discussed above with respect to FIG. 1. In some embodiments, the customer-initiated private key is issued to the printing device 100 by a certificate authority.
In some embodiments, this certificate authority may be the same certificate authority that issued the first private key and the additional private key. In other embodiments, it may be a different certificate authority. Further, in some embodiments, the client-initiated private key may be part of a different root of trust than the root of trust of the first private key and the additional private key. Because the client-initiated private key is part of a different root of trust than the private keys loaded into the secure memory portion 135 during manufacture, the client can protect and control client-specific data.
At 240, the processor 110 loads the client-initiated private key into the secure memory portion 135. In some embodiments, when a customer-initiated private key is provided for an operation for which the secure memory portion 135 already stores a private key, the processor 110 replaces the previously stored private key with the customer-initiated private key. In other embodiments, the processor 110 retains the previously stored private key in the secure memory portion 135 alongside the client-initiated private key. Method 200 then returns to 230.
FIG. 3 illustrates a flow diagram of one embodiment of a method 300 for performing an operation of the printing device 100 shown in FIG. 1. The operation may be any of the operations discussed above with respect to FIG. 1. At 305, the printing device waits to receive data that requires the printing device 100 to perform an operation, together with an authorization request for the operation (e.g., a public key certificate, a private key certificate, etc.). The data and authorization request may be received via network I/O 120 and/or optional user I/O 115. Upon receiving the data and the authorization request, the method 300 proceeds to 310.
At 310, a key (e.g., private key, public key, etc.) associated with the operation to be performed is identified from one or more keys stored in the secure memory portion 135. In some embodiments, the processor 110 may identify the key to use. In other embodiments, a processor within the secure memory portion 135 may identify the key to use. It should be understood that in other embodiments, any other processor external or internal to the printing device 100 may also identify the key to use. Method 300 then proceeds to 315.
At 315, the authorization request is verified using the identified key to determine whether the operation is authorized. In some embodiments, the processor 110 may verify the authorization request. In other embodiments, a processor within the secure memory portion 135 may verify the authorization request. It should be appreciated that in other embodiments, any other processor external or internal to the printing device 100 may also verify the authorization request. At 320, if it is determined that the operation is authorized based on the authorization request and the identified key, method 300 proceeds to 325. Otherwise, method 300 proceeds to 330.
At 325, the printing device 100 performs the operation, and the method 300 returns to 305. At 330, the processor 110 cancels the operation and may optionally provide a notification/alert to the user. Method 300 then returns to 305.
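The consumable check described earlier (the public key for adding a consumable, an authorization request carried by the ribbon or ink, and the refuse-and-alert outcome) is one instance of method 300: look up the key for the operation (310), verify the request with it (315), then perform (325) or cancel and notify (330). The Go program below is an added example written for this page, not the patent's own code, that covers both: a per-operation key table standing in for the secure memory portion, a signed authorization request, and an Authorize function whose error is the signal for step 330. The request format, the operation names, the sample serial numbers and the use of Ed25519 are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// AuthorizationRequest is what accompanies data that asks the printer to do
// something: the operation it is for, the subject (a consumable serial, a
// client identifier, ...) and a signature by the authority for that operation.
// The layout is constructed for this example.
type AuthorizationRequest struct {
	Operation string
	Subject   string
	Signature []byte
}

// requestMessage is the exact byte string that is signed. Each field is
// length-prefixed so that ("ab","c") and ("a","bc") cannot collide.
func requestMessage(operation, subject string) []byte {
	var msg []byte
	for _, f := range []string{operation, subject} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		msg = append(msg, n[:]...)
		msg = append(msg, f...)
	}
	return msg
}

// IssueRequest runs at the authority for an operation (e.g. the consumable
// authority), which holds the private key; the printer never has it.
func IssueRequest(authorityPriv ed25519.PrivateKey, operation, subject string) AuthorizationRequest {
	return AuthorizationRequest{Operation: operation, Subject: subject,
		Signature: ed25519.Sign(authorityPriv, requestMessage(operation, subject))}
}

// Printer holds, per operation, the public key kept in the secure memory
// portion; step 310 is the lookup by operation name.
type Printer struct {
	keys map[string]ed25519.PublicKey
}

// Authorize is steps 310 to 320 of method 300. A nil error means "perform the
// operation" (325); any error means "cancel and notify" (330). A missing
// request, a request for a different operation and a bad signature all fail.
func (p *Printer) Authorize(operation string, req *AuthorizationRequest) error {
	pub, ok := p.keys[operation]
	if !ok {
		return errors.New("no key provisioned for operation " + operation)
	}
	if req == nil {
		return errors.New("no authorization request supplied for " + operation)
	}
	if req.Operation != operation {
		return errors.New("authorization request is for operation " + req.Operation + ", not " + operation)
	}
	if len(req.Signature) != ed25519.SignatureSize ||
		!ed25519.Verify(pub, requestMessage(req.Operation, req.Subject), req.Signature) {
		return errors.New("authorization request was not issued by the authority for " + operation)
	}
	return nil
}

func main() {
	consumablePub, consumablePriv, _ := ed25519.GenerateKey(rand.Reader)
	jobPub, jobPriv, _ := ed25519.GenerateKey(rand.Reader)
	printer := &Printer{keys: map[string]ed25519.PublicKey{
		"add-consumable": consumablePub,
		"print-job":      jobPub,
	}}

	ribbon := IssueRequest(consumablePriv, "add-consumable", "RBN-EXAMPLE-0001") // constructed serial
	fmt.Println("genuine ribbon:", printer.Authorize("add-consumable", &ribbon))

	relabelled := ribbon
	relabelled.Subject = "RBN-EXAMPLE-0002" // signature no longer matches
	fmt.Println("re-labelled ribbon:", printer.Authorize("add-consumable", &relabelled))
	fmt.Println("ribbon request used for a print job:", printer.Authorize("print-job", &ribbon))
	fmt.Println("no request:", printer.Authorize("add-consumable", nil))
	_ = jobPriv
}
```

The operation name is part of the signed message and is checked against the key that was looked up, so a request that verifies under one operation's key cannot be reused to authorize another operation even when both keys were issued by the same manufacturer.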
Fig. 4 illustrates a flow diagram of a method 400 for generating a unique security identification of a printing device during manufacturing of the printing device. The method begins at 405 by reading a unique printing device serial number from a printing device being manufactured. The unique printing device serial number may include, for example, a serial number of the entire printing device, a serial number of one or more subcomponents of the printing device (e.g., a serial number of a TPM, a serial number of an FPGA, etc.), and the like. In some embodiments, the client reads a unique printing device serial number from the printing device being manufactured.
At 410, the unique printing device serial number is sent to the CA. In some embodiments, the client sends the unique printing device serial number to the CA.
At 415, the CA generates a certificate unique to the printing device, the certificate being based on and including the unique printing device serial number. The certificate, and the private key associated with it, may be associated with any one of a number of different operations of the printing device. By using the unique printing device serial number to generate the certificate, a unique and secure identification is generated for the printing device being manufactured.
In some embodiments, a certificate may be generated for each of the following operations: authentication of the printing device by the cloud server/service; authentication of consumables for use by the printing device; authentication of the printing device by a printer client (e.g., a document design and/or release and/or management system, etc.) using a printer protocol; authentication of signed firmware for upgrade and/or downgrade; authentication of the print manager; authentication of modular device security; authentication of configuration settings of the printing device; authentication of the source, configuration data, etc. of a print job; authentication of secure and/or measured booting of the printing device; Secure Sockets Layer/Transport Layer Security (SSL/TLS) authentication; certification of modular equipment security (multiple hoppers, touch screens, etc.); provision of dual authentication; authentication of the key and certificate store; authentication of file system encryption (e.g., entire file system encryption, client data only encryption, etc.); authentication of payload encryption; and the like.
At 420, the CA sends the certificate to the printing device. In some embodiments, the CA may send the certificate directly to the printing device. In other embodiments, the CA may send the certificate to the client, which then forwards the certificate to the printing device.
At 425, the printing device stores the private key associated with the certificate in a secure memory portion of the printing device while the printing device is manufactured. This provides assurance to the user that the printing device is not configured with unauthorized firmware, hardware, and/or software. Further, this may prevent the printing device from operating if the printing device is configured with unauthorized firmware, hardware, and/or software. This may also prevent network attacks that allow external devices/software to monitor the client personalization data.
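As an added illustration of method 400 (example code written for this page, not from the patent or its assignee), the Go program below has a CA issue an X.509 certificate whose subject carries the serial number read from the device, bound to a public key whose private half stays with the device, and then has a relying party verify the chain and confirm that the serial number inside is the one it expects. The CA name, the constructed serial number, the choice of ECDSA P-256, and the placement of the serial in the subject's serialNumber attribute are assumptions for the example; the patent does not fix a certificate profile.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// deviceSerial is a constructed example value, not a real printer serial.
const deviceSerial = "PRN-EXAMPLE-000123"

// newCA creates a CA key and self-signed certificate, standing in for the
// manufacturer CA of step 410/415.
func newCA(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// IssueDeviceCert is step 415 in miniature: the CA issues a certificate whose
// subject carries the serial number read from the device at step 405, bound to
// the public half of a key pair the device generated in its secure memory.
func IssueDeviceCert(caKey *ecdsa.PrivateKey, caCert *x509.Certificate, serial string, devicePub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "printer " + serial, SerialNumber: serial},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(5 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, devicePub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyDeviceCert is what a backend or client does with a presented
// certificate: chain it to the manufacturer root, then confirm the serial
// number inside names the device it expects to be talking to.
func VerifyDeviceCert(cert, root *x509.Certificate, expectedSerial string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return err
	}
	if cert.Subject.SerialNumber != expectedSerial {
		return fmt.Errorf("certificate identifies %q, expected %q", cert.Subject.SerialNumber, expectedSerial)
	}
	return nil
}

func main() {
	caKey, caCert, _ := newCA("Example Manufacturer CA")
	deviceKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stays in secure memory
	cert, err := IssueDeviceCert(caKey, caCert, deviceSerial, &deviceKey.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("own serial:", VerifyDeviceCert(cert, caCert, deviceSerial))
	fmt.Println("other serial:", VerifyDeviceCert(cert, caCert, "PRN-EXAMPLE-999999"))
	_, otherRoot, _ := newCA("Some Other CA")
	fmt.Println("other root:", VerifyDeviceCert(cert, otherRoot, deviceSerial))
}
```

Two checks are needed, not one: chain validation proves the certificate came from the manufacturer CA, and the serial comparison proves it is this printer's certificate rather than any other printer's from the same CA.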
FIG. 5 illustrates one embodiment of a card printer 5 that may be used with embodiments described herein. The card printer includes a modular print engine 10 removably mounted on top of a lower module 12. For example, the card printer 5 is configured to personalize plastic cards such as financial cards including credit and debit cards, identification cards, driver's licenses, and other personalized plastic cards.
The modular print engine 10 includes a housing 50, the housing 50 having a front end 52, a rear end 54, a top 56, and a bottom 58. A main card input 60 is located at the front end 52 of the housing 50 through which a plastic card to be processed by the modular print engine 10 and/or by the lower module 12 (i.e., by the card printer 5) is input. In some embodiments, card input 60 may also form a card output through which processed cards may be output from modular print engine 10. In other embodiments, a card output may be provided that is separate from card input 60 but is also located at front end 52, as is card input 60, through which processed cards may be output from modular print engine 10. A card input hopper 62 may be mounted at the front end 52 of the housing 50, the card input hopper 62 being in communication with the card input 60. In embodiments where the card output is also located at the front end 52, a card output hopper 66 may also be mounted at the front end 52 of the housing 50, the card output hopper 66 communicating with the card output to receive finished processed cards.
A main or first card travel path 68 extends from input 60 through housing 50. In the example shown, the card travel path 68 extends substantially horizontally through the housing 50 substantially parallel to the bottom 58. The card is transported along the card travel path 68 by a card transport mechanism such as a set of rollers 70. A print engine 74 is disposed along the card travel path 68, the print engine 74 being configured to print on cards disposed on the card travel path 68. The print engine 74 may be configured to perform retransfer, direct card printing, inkjet printing, laser marking, laser engraving, and any other type of printing performed on a card.
With continued reference to fig. 5, a second card travel path 76 may extend upward from card reorienting mechanism 72. In one embodiment, second card travel path 76 extends substantially vertically upward from card reorienting mechanism 72. The cards are transported along the card travel path 76 by a card transport mechanism such as a set of rollers 78.
The removable option module 80 is disposed along the second card travel path 76 and above the first card travel path 68. The removable options module 80 includes: at least one card handling mechanism configured to perform a handling operation on the plastic card. The removable option module 80 is one of a plurality of removable option modules 80 that can be installed one at a time in the modular print engine 10 to allow the functionality of the modular print engine 10 to be changed. Each option module 80 is configured to be independently and individually removably mounted in housing 50 along second card travel path 76 and above first card travel path 68, and each option module 80 is configured to perform a different processing operation on the plastic card received thereby. One option module 80 may be removed and the option module 80 replaced with a different option module 80 to change the functionality of the modular print engine 10. In one embodiment, options module 80 may be a magnetic stripe station that may read data on a magnetic stripe of a card and/or write data to a magnetic stripe. In another embodiment, option module 80 may be a chip programming station that may read data on the chip of the card and/or write data to the chip.
The lower module 12 generally includes a lower module housing 14, shown in phantom, having a front end 16, a rear end 18 opposite the front end 16, a top 20, and a bottom 22 opposite the top 20. A main card transport path 24 is defined in the housing 14 along which plastic cards are transported in a generally horizontal direction or generally parallel to the top and bottom portions 20, 22. A slot 26 is defined in the top 20 of the housing 14 through which a card may be input from the modular print engine 10 into the housing 14, and in some embodiments, output from the housing 14 back into the modular print engine 10. A secondary card transport path 28 leads from the slot 26 to a card redirection mechanism disposed adjacent the rear end 18 of the housing 14. In one embodiment, secondary card transport path 28 may be substantially vertical or perpendicular to primary card transport path 24, which may be substantially horizontal.
In operation of the lower module 12, a card enters the lower module 12 from the modular print engine 10 through the slot 26. The card is transported along the secondary card transport path 28 and into the card reorienting mechanism, which then rotates to align the card with the primary card transport path 24. The card is then directed along the main card transport path 24 to one or more card handling mechanisms 36, which one or more card handling mechanisms 36 perform one or more processing operations on the card. Examples of card handling mechanisms 36 that may be used include, but are not limited to, a card imprinter or a card laminator. The lower module 12 may also include an output at the end of the transport path 24 through which cards may be output from the lower module 12 after processing by the processing mechanism 36. In some embodiments, the lower module 12 may also include a card de-bowing mechanism (not shown) for eliminating bow that may occur on the card due to processing by the processing mechanism 36.
Further details of the card printer are described in U.S. 2016/0300128, which is incorporated herein by reference in its entirety. One example of retransfer is described in U.S. Patent 6,894,710, which is incorporated herein by reference in its entirety. Examples of suitable card redirection mechanisms are described in U.S. 2007/0220984 and U.S. Patent 7,398,972, which are incorporated herein by reference in their entirety. Examples of suitable de-bowing mechanisms that may be used are described in U.S. 2014/0345787, which is incorporated herein by reference in its entirety.
Aspects described herein may be embodied as a system, method, or computer-readable medium. In some embodiments, the described aspects may be implemented in hardware, software (including firmware, etc.), or a combination thereof. Some aspects may be implemented in a computer-readable medium comprising computer-readable instructions for execution by a processor. Any combination of one or more computer-readable storage media may be used.
The computer-readable medium may include a computer-readable signal medium and/or a computer-readable storage medium. The computer-readable storage medium may include any tangible medium that can store a computer program for use by a programmable processor to perform the functions described herein by operating on input data and generating output. A computer program is a set of instructions that can be used, directly or indirectly, in a computer system to perform a certain function or to determine a certain result. Examples of computer-readable storage media include, but are not limited to: a floppy disk; a hard disk; random access memory (RAM); read-only memory (ROM); semiconductor memory devices such as, but not limited to, erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and flash memory; portable compact disc read-only memory (CD-ROM); an optical storage device; a magnetic storage device; other similar devices; or a suitable combination of the above. A computer-readable signal medium may include a propagated data signal carrying computer-readable instructions. Examples of propagated signals include, but are not limited to, optical propagated signals, electromagnetic propagated signals, and the like. A computer-readable signal medium may include any computer-readable medium that is not a computer-readable storage medium and that can propagate a computer program for use by a programmable processor to perform the functions described herein by operating on input data and generating output.
Some embodiments may be provided through a cloud computing infrastructure. Cloud computing generally includes providing scalable computing resources as a service over a network (e.g., the internet, etc.).
While a number of methods and systems are described herein, it is contemplated that a single system or method may include more than one of the subject matter described above. Thus, many of the above-described systems and methods can be used together in a single system or method.
Aspects of the disclosure include the following.
It is to be understood that any of aspects 1 to 5, 6 to 11, 12 to 19, 20 to 22, and 23 to 25 may be combined.
Aspect 1. A printing device comprising:
a housing;
a card input in the housing;
a card travel path extending from the card input through the housing;
a print engine disposed along the card travel path; and
a secure memory portion storing a unique security identification of the printing device, the unique security identification including at least one factory key associated with an operation performed by the printing device.
Aspect 2. The printing device of aspect 1, wherein the at least one factory key is a private key.
Aspect 3. The printing device of any of aspects 1 or 2, further comprising at least one of:
a magnetic stripe station that reads and/or writes data on a magnetic stripe of a card; and
a chip programming station that reads and/or writes data on the chip of the card.
Aspect 4. The printing device of any of aspects 1 to 3, wherein the at least one factory key is a storage root key for protecting data stored outside the secure memory portion.
Aspect 5. The printing device of any of aspects 1 to 4, wherein the print engine is configured to perform at least one of retransfer printing, direct card printing, inkjet printing, laser marking, and laser engraving on the card.
Aspect 6. A printing device comprising:
a printer functionality component that performs a first physical action on a custom personalized document;
a network input/output that transmits and receives data to and from outside the printing device;
a processor that controls the operation of the printer functionality component; and
a secure memory portion storing a unique security identification of the printing device, the unique security identification including at least one factory key associated with a secure boot operation.
Aspect 7. The printing device of aspect 6, further comprising a second printer functionality component that performs a second physical action on the custom personalized document, wherein the second physical action is different from the first physical action.
Aspect 8. The printing device of any of aspects 6 or 7, wherein the at least one factory key is a public key associated with a secure boot operation.
Aspect 9. The printing device of any of aspects 6 to 8, wherein the custom personalized document is a financial card or an identification card, and the printer functionality component comprises a print engine adapted to print customer-specific information onto the financial card or the identification card.
Aspect 10. The printing device of any of aspects 6 to 9, wherein the secure memory portion stores a public key associated with at least one of a firmware modification operation and a consumable authentication operation.
Aspect 11. The printing device of any of aspects 6 to 10, wherein the processor comprises a public key burned into a memory portion of the processor.
Aspect 12. A method for establishing a unique security identification for a printing device, the method comprising:
obtaining a first private key for use with a first operation of the printing device;
obtaining a second private key for use with a second operation of the printing device;
loading the first private key into a secure memory portion of the printing device during manufacture of the printing device; and
loading the second private key into the secure memory portion of the printing device during manufacture of the printing device.
Aspect 13. The method of aspect 12, further comprising burning a hash of a third public key into a processor of the printing device during manufacture of the printing device.
Aspect 14. The method of any of aspects 12 or 13, further comprising storing a storage root key in the secure memory portion of the printing device during manufacture of the printing device.
Aspect 15. The method of aspect 14, wherein loading the first private key into the secure memory portion comprises:
storing at least a portion of the first private key in the secure memory portion;
encrypting the first private key using the storage root key; and
sending the encrypted first private key for storage outside the secure memory portion; and
wherein loading the second private key into the secure memory portion comprises:
storing at least a portion of the second private key in the secure memory portion;
encrypting the second private key using the storage root key; and
sending the encrypted second private key for storage outside the secure memory portion.
Aspect 16. The method of any of aspects 12 to 15, wherein loading the first private key into the secure memory portion comprises storing the entire first private key in the secure memory portion, and wherein loading the second private key into the secure memory portion comprises storing the entire second private key in the secure memory portion.
Aspect 17. The method of any of aspects 12 to 16, further comprising generating an attestation identity key and storing it in the secure memory portion of the printing device.
Aspect 18. The method of any of aspects 12 to 17, wherein the printing device is a card printer.
Aspect 19. The method of any of aspects 12 to 18, further comprising generating an attestation identity key and storing it in the secure memory portion of the printing device.
Aspect 20. A method of generating a unique security identification for a printing device during manufacture of the printing device, the method comprising:
reading a unique printing device serial number associated with a component of the printing device;
sending the unique printing device serial number to a certificate authority;
receiving, from the certificate authority, a certificate unique to the printing device that contains the unique printing device serial number; and
loading the certificate to the printing device.
Aspect 21. The method of aspect 20, wherein the unique printing device serial number is placed in the common name field of the certificate.
Aspect 22. The method of any of aspects 20 or 21, further comprising storing a key associated with the certificate in a secure memory portion of the printing device during manufacture of the printing device.
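The manufacturing flow of aspects 20 to 22, as an added example in Go using only the standard library (this is not code from the patent or from Entrust Datacard): a stand-in certificate authority, assumed to be run by the manufacturer, issues a certificate whose common name field holds the printing device serial number, and a relying party checks the chain and the common name. The CA name and the serial number `PRN-000123` are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA stands in for the certificate authority of Aspect 20 (a manufacturer-run CA is assumed).
type CA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func NewCA() (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Card Printer CA"}, // placeholder
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key}, nil
}

// IssueDeviceCertificate is the CA side of Aspects 20-21: the unique printing device serial
// number goes into the common name, bound to the device key whose private half stays in the
// printer's secure memory portion (Aspect 22).
func (ca *CA) IssueDeviceCertificate(serial string, devPub *ecdsa.PublicKey) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; a real CA tracks serials
		Subject:      pkix.Name{CommonName: serial},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(10, 0, 0),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, devPub, ca.key)
}

// VerifyDeviceIdentity is what a server or print manager does with the loaded certificate:
// chain it to the manufacturer root and confirm the CN is the serial number the printer claims.
func VerifyDeviceIdentity(certDER []byte, root *x509.Certificate, claimedSerial string) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return err
	}
	if cert.Subject.CommonName != claimedSerial {
		return fmt.Errorf("certificate CN %q does not match serial %q", cert.Subject.CommonName, claimedSerial)
	}
	return nil
}

func main() {
	ca, _ := NewCA()
	devKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // private half stays in secure memory
	der, _ := ca.IssueDeviceCertificate("PRN-000123", &devKey.PublicKey) // constructed serial number
	fmt.Println(VerifyDeviceIdentity(der, ca.Cert, "PRN-000123"))
}
```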
Aspect 23. A method for performing an operation of a printing device, the method comprising:
receiving, by a processor of the printing device, data and an authorization request from an external auxiliary device, the authorization request verifying authorization to perform an operation on the printing device;
obtaining a key corresponding to the operation that is stored in a secure memory portion of the printing device;
determining, by the processor, whether the operation is authorized using the authorization request and the obtained key;
performing the operation by the printing device when the operation is authorized; and
performing, by the printing device, a physical action on a custom personalized document.
Aspect 24. The method of aspect 23, wherein the operation is one of: a printing device authentication operation; a consumable authentication operation; a server connection authentication operation; a payload data encryption operation; a firmware modification operation; a print manager authentication operation; a modular device security authentication operation; a printing device configuration setting authentication operation; a print job source authentication operation; a configuration data source authentication operation; a secure boot operation; a secure sockets layer/transport layer security (SSL/TLS) authentication operation; a double authentication operation; a private key storage and authentication operation; and a file system cryptographic authentication operation.
Aspect 25. The method of aspect 23 or 24, wherein the authorization request is a public key and the key is a private key.
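The key loading of aspect 15 and the authorization flow of aspect 23, as an added example in Go with the standard library (not the patent's or Entrust Datacard's code): an AES-GCM key derived from the storage root key wraps each operation's private key, the nonce stays inside the secure memory portion as the key handle while the ciphertext goes to non-secure storage, and the authorization request is assumed to be an ECDSA signature over the received data that is checked with the key provisioned for the requested operation. The operation names and the sample payload are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// SecureMemory models the isolated secure memory portion: it holds the storage root key
// (SRK) and, per operation, only a handle; the wrapped private key lives in NonSecureStorage.
type SecureMemory struct {
	srk     cipher.AEAD       // AES-GCM keyed by the SRK; never leaves the secure portion
	handles map[string][]byte // operation name -> nonce retained inside as the key handle
}

// NonSecureStorage models memory outside the secure portion: operation name -> wrapped key.
type NonSecureStorage map[string][]byte

// NewSecureMemory generates the SRK, as is done during manufacture (Aspect 14).
func NewSecureMemory() (*SecureMemory, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key)  // a 32-byte key is always accepted
	aead, _ := cipher.NewGCM(block) // the AES block size is always accepted
	return &SecureMemory{srk: aead, handles: map[string][]byte{}}, nil
}

// LoadKey follows Aspect 15: keep a portion (the handle) inside, encrypt the private
// key with the SRK, and send the ciphertext outside the secure memory portion.
func (s *SecureMemory) LoadKey(op string, priv *ecdsa.PrivateKey, out NonSecureStorage) error {
	der, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return err
	}
	nonce := make([]byte, s.srk.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// The operation name is bound as associated data, so a blob wrapped for one operation fails for another.
	out[op] = s.srk.Seal(nil, nonce, der, []byte(op))
	s.handles[op] = nonce
	return nil
}

// Authorize follows Aspect 23: the processor receives data plus an authorization request (assumed
// here to be an ECDSA signature over the data), obtains the operation's key, and checks the request.
func (s *SecureMemory) Authorize(op string, data, sig []byte, in NonSecureStorage) (bool, error) {
	nonce, ok := s.handles[op]
	blob, found := in[op]
	if !ok || !found {
		return false, fmt.Errorf("no key provisioned for operation %q", op)
	}
	der, err := s.srk.Open(nil, nonce, blob, []byte(op))
	if err != nil {
		return false, fmt.Errorf("wrapped key for %q rejected: %v", op, err)
	}
	priv, err := x509.ParseECPrivateKey(der)
	if err != nil {
		return false, err
	}
	digest := sha256.Sum256(data)
	return ecdsa.VerifyASN1(&priv.PublicKey, digest[:], sig), nil
}

func main() {
	sm, _ := NewSecureMemory()
	store := NonSecureStorage{}
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	_ = sm.LoadKey("firmware_modification", priv, store)
	digest := sha256.Sum256([]byte("firmware image v1")) // constructed sample payload
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	fmt.Println(sm.Authorize("firmware_modification", []byte("firmware image v1"), sig, store))
}
```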
The present invention may be embodied in other forms without departing from the spirit or essential characteristics thereof. The disclosed examples are to be considered in all respects as illustrative and not restrictive. The scope of the invention is indicated by the appended claims rather than by the foregoing description; and all changes that come within the meaning and range of equivalency of the claims are intended to be embraced therein.

Claims (12)

1. A printing apparatus comprising:
a housing;
a card input in the housing;
a card travel path extending from the card input through the housing;
a print engine disposed along the card travel path;
a non-secure memory portion; and
a secure memory portion that is an isolated memory portion and that is distinct and/or separate from the non-secure memory portion, wherein the secure memory portion includes an encryption processor, and wherein the secure memory portion is configured to store a unique security identification of the printing device, the unique security identification including at least one factory key,
wherein the secure memory portion has access to a plurality of private keys, each of the plurality of private keys being associated with an operation performed by the printing device,
wherein the encryption processor is configured to verify an authorization request associated with a requested operation to be performed by the printing device using at least one of the plurality of private keys associated with the requested operation, and
wherein the printing device is configured to perform the requested operation after the authorization request is verified by the encryption processor.
2. The printing device of claim 1, wherein the at least one factory key is a private key.
3. The printing device of any of claims 1 or 2, further comprising at least one of:
a magnetic stripe station that reads and/or writes data on a magnetic stripe of a card; and
a chip programming station that reads and/or writes data on the chip of the card.
4. The printing device of any of claims 1 or 2, wherein the print engine is configured to perform at least one of retransfer, direct card printing, inkjet printing, laser marking, and laser engraving on a card.
5. A printing apparatus comprising:
a printer functionality component that performs a first physical action on the custom personalized document;
a network input/output component that transmits and receives data to and from outside the printing apparatus;
a processor that controls operation of the printer functional component;
a non-secure memory portion; and
a secure memory portion that is an isolated memory portion and that is distinct and/or separate from the non-secure memory portion, wherein the secure memory portion includes an encryption processor, and wherein the secure memory portion is configured to store a unique security identification of the printing device, the unique security identification including at least one factory key,
wherein the secure memory portion has access to a plurality of private keys, each of the plurality of private keys being associated with an operation performed by the printing device,
wherein the encryption processor is configured to verify an authorization request associated with a requested operation to be performed by the printing device using at least one of the plurality of private keys associated with the requested operation, and
wherein the printing device is configured to perform the requested operation after the authorization request is verified by the encryption processor.
6. The printing device of claim 5, further comprising: a second printer functionality component that performs a second physical action on the custom personalized document, wherein the second physical action is different from the first physical action.
7. The printing device of any of claims 5 or 6, wherein the at least one factory key is a public key associated with a secure boot operation.
8. A printing device according to any of claims 5 or 6, wherein the custom personalised document is a financial or identity card and the printer functionality comprises a print engine adapted to print custom information onto the financial or identity card.
9. The printing device according to any one of claims 5 or 6, wherein the secure memory portion stores a public key associated with at least one of a firmware modification operation and a consumable authentication operation.
10. A method of generating a unique security identification of a printing device during manufacture of the printing device, the method comprising:
reading a unique printing device serial number associated with a component of the printing device;
sending the unique printing device serial number to a certificate authority;
receiving, from the certificate authority, a certificate unique to a printing device that includes the unique printing device serial number;
loading said certificate to said printing device; and
storing at least one factory key in a secure memory portion of the printing device,
wherein the secure memory portion has access to a plurality of private keys, each of the plurality of private keys being associated with an operation performed by the printing device,
wherein an encryption processor in the secure memory portion is configured to verify an authorization request associated with a requested operation to be performed by the printing device using at least one of the plurality of private keys associated with the requested operation, and
wherein the printing device is configured to perform the requested operation after the authorization request is verified by the encryption processor.
11. The method of claim 10, wherein the unique printing device serial number is placed in a public name field of the certificate.
12. The method of any of claims 10 or 11, further comprising: storing a key associated with the certificate in the secure memory portion of the printing device while the printing device is manufactured.
CN201780084360.6A 2016-11-23 2017-11-22 Printer identification and security Active CN110214434B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211588704.6A CN116186728A (en) 2016-11-23 2017-11-22 Printer identification and security

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201662425898P 2016-11-23 2016-11-23
US62/425,898 2016-11-23
PCT/US2017/063074 WO2018098325A1 (en) 2016-11-23 2017-11-22 Printer identity and security

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202211588704.6A Division CN116186728A (en) 2016-11-23 2017-11-22 Printer identification and security

Publications (2)

Publication Number Publication Date
CN110214434A CN110214434A (en) 2019-09-06
CN110214434B true CN110214434B (en) 2022-12-23

Family

ID=62196110

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201780084360.6A Active CN110214434B (en) 2016-11-23 2017-11-22 Printer identification and security
CN202211588704.6A Pending CN116186728A (en) 2016-11-23 2017-11-22 Printer identification and security

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202211588704.6A Pending CN116186728A (en) 2016-11-23 2017-11-22 Printer identification and security

Country Status (4)

Country Link
EP (1) EP3545643B1 (en)
KR (1) KR102558262B1 (en)
CN (2) CN110214434B (en)
WO (1) WO2018098325A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112596690A (en) * 2020-12-30 2021-04-02 珠海艾派克微电子有限公司 Method for resetting and upgrading consumable chip, chip and chip processing equipment
CN113836516B (en) * 2021-09-13 2023-08-29 北京安御道合科技有限公司 Printer selenium drum anti-counterfeiting and printing frequency protection system and method
WO2024039235A1 (en) * 2022-08-19 2024-02-22 삼성전자주식회사 Electronic device and method for performing user authentication on electronic device

Citations (1)

Publication number Priority date Publication date Assignee Title
CN1423206A (en) * 2001-12-05 2003-06-11 佳能株式会社 Safety printing using a secret key after it has been checked

Family Cites Families (15)

Publication number Priority date Publication date Assignee Title
US6314521B1 (en) * 1997-11-26 2001-11-06 International Business Machines Corporation Secure configuration of a digital certificate for a printer or other network device
JP3620362B2 (en) 1998-10-16 2005-02-16 日本ビクター株式会社 Card recorder
US7339690B2 (en) * 1999-07-14 2008-03-04 Fargo Electronics, Inc. Identification card printer with client/server
US7398972B2 (en) 2003-11-17 2008-07-15 Datacard Corporation Plastic card reorienting mechanism and interchangeable input hopper
US7725703B2 (en) * 2005-01-07 2010-05-25 Microsoft Corporation Systems and methods for securely booting a computer with a trusted processing module
JP2008194999A (en) * 2007-02-15 2008-08-28 Murata Mach Ltd Print management device
US7866904B2 (en) * 2007-03-06 2011-01-11 Datacard Corporation Desktop card printer with indent printing apparatus and method of printing
JP2008234603A (en) * 2007-03-23 2008-10-02 Sharp Corp Image forming system, portable terminal unit, computer program, recording medium and image forming method
JP5369502B2 (en) * 2008-06-04 2013-12-18 株式会社リコー Device, management device, device management system, and program
US8820743B2 (en) * 2009-12-28 2014-09-02 Toppan Printing Co., Ltd. Printing device
EP2804760B1 (en) 2012-02-23 2020-09-09 Entrust Datacard Corporation Card reorienting mechanism and methods utilizing same
US20140164753A1 (en) * 2012-12-06 2014-06-12 Samsung Electronics Co., Ltd System on chip for performing secure boot, image forming apparatus using the same, and method thereof
EP2775421B1 (en) * 2013-03-05 2019-07-03 Wincor Nixdorf International GmbH Trusted terminal platform
CN204414831U (en) * 2013-08-28 2015-06-24 无锡华通智能交通技术开发有限公司 A kind of public security certificate printer
CN107531061B (en) * 2015-04-09 2019-10-15 恩图鲁斯特咨询卡有限公司 Modularization print engine and modularization print engine component

Also Published As

Publication number Publication date
EP3545643A1 (en) 2019-10-02
CN116186728A (en) 2023-05-30
KR20190077552A (en) 2019-07-03
EP3545643A4 (en) 2020-10-14
WO2018098325A1 (en) 2018-05-31
CN110214434A (en) 2019-09-06
KR102558262B1 (en) 2023-07-21
EP3545643B1 (en) 2023-08-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant